If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

The State Of Linux Distributions Handling SecureBoot

Phoronix: The State Of Linux Distributions Handling SecureBoot

For those of you curious about the state of available Linux distributions that can handle UEFI SecureBoot on modern PCs certified for Microsoft Windows 8, here's a run-down of the most common Linux environments and their SecureBoot friendliness...

Isn't the signing only about the bootloader? I mean, do the bootloaders require the kernel to be signed as well? Maybe that can be turned off or something. I read some stuff about this, but it's unclear from there to me...

If the answer is yes, then I foresee no more problems.

If the answer is no, I hope the EU will file lawsuits against whoever is forcing this insanity upon us. Free market? Yeah whatever...

'Some are more equal than others' (George Orwell, Animal Farm) springs to mind...

Ow and umm, did anyone ever encounter a virus that works it's way in through the bootloader/kernel? Most stuff I encounter is because of a leak in a browser plugin :/ . Or is SecureBoot just the beginning? Eventually everything has to be signed and verified?

Isn't the signing only about the bootloader? I mean, do the bootloaders require the kernel to be signed as well? Maybe that can be turned off or something. I read some stuff about this, but it's unclear from there to me...

Define "require". There's no additional security if you permit unsigned kernels, and if your bootloader is signed by Microsoft then it may be considered a violation of the agreement that you signed with them. You're certainly at risk of having your signature blacklisted. If you require explicit user intervention before booting unsigned kernels, then that's fine.

Ow and umm, did anyone ever encounter a virus that works it's way in through the bootloader/kernel? Most stuff I encounter is because of a leak in a browser plugin :/ . Or is SecureBoot just the beginning? Eventually everything has to be signed and verified?

The bootloader's not an avenue of initial compromise, but it makes it possible to make the compromise persistent and almost impossible to remove.